Guidelines for designing IT security management tools

An important factor that impacts the effectiveness of secu-rity systems within an organization is the usability of secu-rity management tools. In this paper, we present a survey of design guidelines for such tools. We gathered guidelines and recommendations related to IT security management tools from the literature as well as from our own prior studies of IT security management. We categorized and combined these into a set of high level guidelines and identified the relationships between the guidelines and challenges in IT security management. We also illustrated the need for the guidelines, where possible, with quotes from additional in-terviews with five security practitioners. Our framework of guidelines can be used by those developing IT security tools, as well as by practitioners and managers evaluating tools

DESURBS deliverable 2.2: tools for the assessment of security threats

This report constitutes Deliverable 2.2 of the FP7 Security Program research project ‘Designing Safer Urban Spaces’ (DESURBS, Grant Agreement no. 261652). The purpose of this report is to highlight the examples of open access online security and resilience approaches and tools and key documents that support decision making in regard to the Integrated Security and Resilience (ISR) framework (WP2.3), the structure of which has been incorporated into all the WP2 deliverables. The report presents information on the approaches mentioned above, found during the course of an extensive literature review, and from data collection that has been undertaken in the Nottingham (UK) and Jerusalem (Israel) case study cities of the project. This deliverable demonstrates that there is a great number of tools and documents available online, however the majority of them are context-specific and can only provide partial information that can be useful in disaster risk management. It has been identified that many of the tools are multi-hazard and can be used in conjunction with international documents and guidelines. There is however a lack of open-access tools for specific hazards, in particular industrial accidents and ground movements. This is due to a high specificity of these events and a necessity to use high-tech equipment for identification of these hazards and their mitigation

Developing a Framework for Creating mHealth Surveys

Various issues in the design of surveys for mobile health (mHealth) research projects yet exist. As mHealth solutions become more popular, new issues are brought into consideration. Researchers need to collect some critical information from participants in these mHealth studies. These mHealth studies require a specialized framework to create surveys, track progress and analyze user data. In these procedures, mHealth’s needs differ from other studies. Therefore, there has to be a new framework that satisfies needs of mHealth research studies. Although there are studies for creating efficient, robust and user-friendly surveys, there is no solution or study, which is specialized in mHealth area and solves specific problems of mHealth research studies. mHealth research studies sometimes require real-time access to user data. Reward systems may play a key role in their study. Most importantly, storing user information securely plays a key role in these studies. There is no such solution or study, which covers all these areas. In this thesis, we present guidelines for developing a framework for creating mHealth surveys. In doing this, we hope that we propose a solution for problems of creating and using of surveys in mHealth studies

Developing a Framework to Implement Public Key Infrastructure Enabled Security in XML Documents

This paper concentrates on proposing a framework to implement the PKI enables security in XML documents, by defining a common framework and processing rules that can be shared across applications using common tools, avoiding the need for extensive customization of applications to add security. The Framework reuses the concepts, algorithms and core technologies of legacy security systems while introducing changes necessary to support extensible integration with XML. This allows interoperability with a wide range of existing infrastructures and across deployments. Currently no strict security models and mechanisms are available that can provide specification and enforcement of security policies for XML documents. Such models are crucial in order to facilitate a secure dissemination of XML documents, containing information of different sensitivity levels, among (possibly large) user communities

Co-designing climate-smart farming systems with local stakeholders: A methodological framework for achieving large-scale change

The literature is increasing on how to prioritize climate-smart options with stakeholders but relatively few examples exist on how to co-design climate-smart farming systems with them, in particular with smallholder farmers. This article presents a methodological framework to co-design climate-smart farming systems with local stakeholders (farmers, scientists, NGOs) so that large-scale change can be achieved. This framework is based on the lessons learned during a research project conducted in Honduras and Colombia from 2015 to 2017. Seven phases are suggested to engage a process of co-conception of climate-smart farming systems that might enable implementation at scale: (1) “exploration of the initial situation,” which identifies local stakeholders potentially interested in being involved in the process, existing farming systems, and specific constraints to the implementation of climate-smart agriculture (CSA); (2) “co-definition of an innovation platform,” which defines the structure and the rules of functioning for a platform favoring the involvement of local stakeholders in the process; (3) “shared diagnosis,” which defines the main challenges to be solved by the innovation platform; (4) “identification and ex ante assessment of new farming systems,” which assess the potential performances of solutions prioritized by the members of the innovation platform under CSA pillars; (5) “experimentation,” which tests the prioritized solutions on-farm; (6) “assessment of the co-design process of climate-smart farming systems,” which validates the ability of the process to reach its initial objectives, particularly in terms of new farming systems but also in terms of capacity building; and (7) “definition of strategies for scaling up/out,” which addresses the scaling of the co-design process. For each phase, specific tools or methodologies are used: focus groups, social network analysis, theory of change, life-cycle assessment, and on-farm experiments. Each phase is illustrated with results obtained in Colombia or Honduras

Language design for a personal learning environment design language

Approaching technology-enhanced learning from the perspective of a learner, we foster the idea of learning environment design, learner interactions, and tool interoperability. In this paper, we shortly summarize the motivation for our personal learning environment approach and describe the development of a domain-specific language for this purpose as well as its realization in practice. Consequently, we examine our learning environment design language according to its lexis and syntax, the semantics behind it, and pragmatical aspects within a first prototypic implementation. Finally, we discuss strengths, problematic aspects, and open issues of our approach

Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

e-Science projects face a difficult challenge in providing access to valuable computational resources, data and software to large communities of distributed users. Oil the one hand, the raison d'etre of the projects is to encourage members of their research communities to use the resources provided. Oil the other hand, the threats to these resources from online attacks require robust and effective Security to mitigate the risks faced. This raises two issues: ensuring that (I) the security mechanisms put in place are usable by the different users of the system, and (2) the security of the overall system satisfies the security needs of all its different stakeholders. A failure to address either of these issues call seriously jeopardise the success of e-Science projects.The aim of this paper is to firstly provide a detailed understanding of how these challenges call present themselves in practice in the development of e-Science applications. Secondly, this paper examines the steps that projects can undertake to ensure that security requirements are correctly identified, and security measures are usable by the intended research community. The research presented in this paper is based Oil four case studies of c-Science projects. Security design traditionally uses expert analysis of risks to the technology and deploys appropriate countermeasures to deal with them. However, these case studies highlight the importance of involving all stakeholders in the process of identifying security needs and designing secure and usable systems.For each case study, transcripts of the security analysis and design sessions were analysed to gain insight into the issues and factors that surround the design of usable security. The analysis concludes with a model explaining the relationships between the most important factors identified. This includes a detailed examination of the roles of responsibility, motivation and communication of stakeholders in the ongoing process of designing usable secure socio-technical systems such as e-Science. (C) 2007 Elsevier Ltd. All rights reserved